Consumers should be aware of Retailers Violating the California Invasion of Privacy Act

The California Invasion of Privacy Act (“CIPA”) has recently come into the spotlight once again as consumers across California bring new claims against retailers for potential eavesdropping and wiretapping violations.

Over the last two years, many consumers have issued claims and complaints against retailers for using web analytic tools, such as session replay, Meta Pixel, and chatbots, on the retailers’ websites, claiming that the use of these tools violates California wiretapping and eavesdropping statutes. As of recently, new claims have been brought by consumers pursuant to CIPA alleging that retailers are once violating privacy laws by using tools or processes that can be considered as pen registers and trap-and-trace devices.

Pen registers and trap-and-trace devices are identified as tools or processes used to collect, decode, or otherwise identify dialing, routing, addressing or signaling information (otherwise known as DRAS). Under California’s definition, internet-connected computers and smartphones can be considered as pen-trap devices as they record and maintain records of DRAS information.

With the understanding of these definitions and the uprise of these potential claims pursuant to CIPA, a new civil liability theory indicates that retailers with consumer-facing websites may be unlawfully using these pen-trap devices and processes to collect and keep consumer information.

If you’re a California consumer who has previously engaged with a website potentially using these devices or processes, let us know! Fill out the attached form to contact Shub & Johns today.